on 12-22-2016 10:37 AM
Hi Experts,
I have the arch scenario as below:
1.Deploy Java App on Hana Cloud Platform,runtime is Java Tomcat 7, then configure Destination to on-premise OData service.
2.Configure Access control in Cloud Connector to expose the resource.
3.Access Java app to access backend system and retrieve data.
But I encounter some issue on the destination service.
----Case 1:
configure destination as Basic Authentication.
then when I build HTTP request to backend service, I add following codes:
String credentials = destConfiguration.getProperty("User") + ":" + destConfiguration.getProperty("Password");
String cred_encode = Base64.encodeBase64String(credentials.getBytes()); connection.setRequestProperty("Authorization", "Basic " + cred_encode);
In a word, need to fill Authorization field as "Basic 6HIJ3i8er" into HTTP header, then I can make a successful aceess to backend resource.
----Case 2:
However, now I want to configure destination as Principal Propagation.
Then when I build HTTP request , what content should I fill into HTTP request header? If I did nothing, there is error shown as "#ERROR#com.sap.core.connectivity.protocol.http.handlers.HttpAuthenticationHandler#tunnelclient-4-1#0x7a6fa57f#Unable to generate authorization token".
Thanks in advance for your help.
Alex.
Hi Alex,
did you find a solution? I have the same issue right know, I'm wondering what to put into the HTTP request header. I'm getting a http 401 response (Unauthorized) which makes sense if I leave it blank. I'm working with DestinationConfiguration within a Tomcat 8 runtime.
My Cloud Connector should create a X.509 user Certificate. Am I supposed to use the AuthenticationHeaderProvider and put my SAML2.0 session into the authorization field? It doesn't seem to work that way.
Kai
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I just figured out myself:
The header field "SAP-Connectivity-Authentication" with "PrincipalPropagation <PrincipalPropagationToken>" is needed, which you can easily get with the getPrincipalPropagationHeader method of an AuthenticationHeaderProvider.
When using the servlet shown here: https://help.sap.com/viewer/cca91383641e40ffbe03bdc78f00f681/Cloud/en-US/22123f544cb64372959b4a1bd8e...
just add
<resource-ref>
<res-ref-name>myAuthHeaderProvider</res-ref-name>
<res-type>com.sap.core.connectivity.api.authentication.AuthenticationHeaderProvider</res-type>
</resource-ref><br>
to the web.xml and the following to your java servlet:
AuthenticationHeaderProvider authHeadProv = (AuthenticationHeaderProvider) ctx.lookup("java:comp/env/myAuthHeaderProvider");
AuthenticationHeader ppHeader = authHeadProv.getPrincipalPropagationHeader();
urlConnection.setRequestProperty(ppHeader.getName(), ppHeader.getValue());
The AuthenticationHeaderProvider API is also worth reading.
User | Count |
---|---|
90 | |
10 | |
10 | |
9 | |
7 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.